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1 Architecture: Towards a secure and interoperable DRM architecture 
^ Gelareh Taban, Alvaro A. Cardenas, Virgil D. Gligor 

October 2006 Proceedings of the ACM workshop on Digital rights management DRM 
06 

Publisher: ACM Press 

Full text available:^ pdf(442. 79 KB ) Additional Information: full citation , abstract , references , index terms 

In this paper we look at the problem of interoperability of digital rights management 
(DRM)systems in home networks. We introduce an intermediate module called the 
Domain Interoperability Manager (DIM) to efficiently deal with the problem of content and 
license translation across different DRM regimes. We also consider the threat model 
specific to interoperability systems, and introduce threats such as the cross-compliancy 
and splicing attacks. We formalize the adversary model and define securit ... 

Keywords: DRM, home networks, interoperability 
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Full text available: ^ pdf(6.06 MB) Additional Information: full citation , abstract , references , index terms 

Physical layer wireless network emulation has the potential to be a powerful experimental 
tool. An important challenge in physical emulation, and traditional simulation, is to 
accurately model the wireless channel. In this paper we examine the possibility of using 
on-card signal strength measurements to capture wireless channel traces. A key 
advantage of this approach is the simplicity and ubiquity with which these measurements 
can be obtained since virtually all wireless devices provide the req ... 

Keywords: channel capture, emulation, wireless 
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Publisher: ACM Press 

Full text available' 151 pdf(443.01 KB) Adc, ^ onal Information: full citation , abstract , references , citings, index 
'ler 8 — : terms 

The ext3cow file system, built on the popular ext3 file system, provides an open-source 
file versioning and snapshot platform for compliance with the versioning and audtitability 
requirements of recent electronic record retention legislation. Ext3cow provides a time- 
shifting interface that permits a real-time and continuous view of data in the past. Time- 
shifting does not pollute the file system namespace nor require snapshots to be mounted 
as a separate file system. Further, ext3cow is i ... 

Keywords: Versioning file systems, copy-on-wrlte 
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£v Liqun Chen, Rainer Landfermann, Hans Lohr, Markus Rohe, Ahmad-Reza Sadeghi, Christian 
Stuble, Horst Gortz 

November 2006 Proceedings of the first ACM workshop on Scalable trusted computing 
STC '06 

Publisher: ACM Press 

Full text available: *g] pdf(279.99 KB) Additional Information: full citation , abstract , references , index terms 

The Trusted Computing Group (TCG) has issued several specifications to enhance the 
architecture of common computing platforms by means of new functionalities, amongst 
others the (binary) attestation to verify the integrity of a (remote) computing 
platform/application. However, as pointed out recently, the binary attestation has some 
shortcomings, in particular when used for applications: First, it reveals information about 
the configuration of a platform (hardware and software) or application. T ... 

Keywords: TCG binary attestation, property-based attestation, security kernels, zero- 
knowledge proof of knowledge 
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Full text available: "g[ pdf(331.03 KB ) 
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Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are mostly based on individual user identities. Hence we were 
motivated by the need to manage and enforce the strong and efficient RBAC access 
control technology in large-scale Web environments. To satisfy this requirement, we 
identify two different architectures for RBAC on the Web, called user-pull and server-pull. 
To demonstrate feasibility, we im ... 

Keywords: WWW security, cookies, digital certificates, role-based access control 
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This paper describes a security architecture allowing digital rights management in home 
networks consisting of consumer electronic devices. The idea is to allow devices to 
establish dynamic groups, so called "Authorized Domains", where legally acquired 
copyrighted content can seamlessly move from device to device. This greatly improves 
the end-user experience, preserves "fair use" expectations, and enables the development 
of new business models by content providers. Key to our design is a hyb ... 

Keywords: DRM architectures, compliant CE devices, digital content protection 
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In the past decade, informational records have become entirely digital. These include 
financial statements, health care records, student records, private consumer information 
and other sensitive data. Because of the delicate nature of the data these records contain, 
Congress and the courts have begun to recognize the importance of properly storing and 
securing electronic records. Examples of legislation include the Health Insurance 
Portability and Accountability Act (HIPAA) of 1996, the Gramm-Le ... 
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Smartcards are the most secure portable computing device today. They have been used 
successfully in applications involving money, and proprietary and personal data (such as 
banking, healthcare, insurance, etc.). As smartcards get more powerful (with 32-bit CPU 
and more than 1 MB of stable memory in the next versions) and become multi- 
application, the need for database management arises. However, smartcards have severe 
hardware limitations (very slow write, very little RAM, constrained stable mem ... 

Keywords: Atomicity, Durability, Execution model, PicoDBMS, Query optimization, 
Smartcard applications, Storage model 
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In this paper we study privacy issues regarding the use of the SSL/TLS protocol and 
X.509 certificates. Our main attention is placed on subscription-based remote services 
(e.g., subscription to newspapers and databases) where the service manager charges a 
flat fee for a period of time independent of the actual number of times the service is 
requested. We start by pointing out that restricting the access to such services by using 
X.509 certificates and the SSL/TLS protocol, while preserving the in ... 
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Understanding distributed applications is a tedious and difficult task. Visualizations based 
on process-time diagrams are often used to obtain a better understanding of the 
execution of the application. The visualization tool we use is Poet, an event tracer 
developed at the University of Waterloo. However, these diagrams are often very complex 
and do not provide the user with the desired overview of the application. In our 
experience, such tools display repeated occurrences of non-trivial commun ... 
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The conversion of a MAS into a FIPA-compliant system (i.e. one that adheres to FIPA 
standards), is important to support interoperability across different MAS. Supporting such 
a conversion will also allow system developers to make more effective use of their 
existing systems. Such a conversion imposes amendments on the system architecture to 
conform to the new (FIPA) standards, which require extensive code re-writes and testing 
procedures. We propose a different approach to achieving FIPA complia ... 

Keywords: agent languages and environments, agent-based software engineering, 
methodologies and tools, standards for agent and MAS 
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The Internet is an almost ideal means for information retrieval and exchange. It is cost- 
effective, easy to use and easily accessible. However, it can also be susceptible to devious 
practices such as data tempering, eavesdropping and theft. This paper analyses secure 
virtual private networks &lpar;VPNs&rpar; and their use in countering the problems of the 
Internet. Copyright © 1999 John Wiley & Sons, Ltd. 
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The increasing number of software-based attacks has attracted substantial efforts to 
prevent applications from malicious interference. For example, Trusted Computing (TC) 
technologies have been recently proposed to provide strong isolation on application 
platforms. On the other hand, today pervasively available computing cycles and data 
resources have enabled various distributed applications that require collaboration among 
different application processes. These two conflicting trends grow in ... 
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In the Differentiated Services (DiffServ) architecture, each domain has a Bandwidth 
Broker to provide the resources management, primarily bandwidth reservation. In a 
multi-domain environment, Simple Inter-domain Bandwidth Broker Signaling (SIBBS) 
protocol is proposed for the inter-domain communication protocol proposed for bandwidth 
broker communication. Since the information exchanged between BBs are sensitive in 
sense of Service Level Agreement (SLA), the communications between the inter-domai ... 

Keywords: Bandwidth Broker, Public Key Infrastructure, Simple Inter-domain Bandwidth 
Broker Signaling 
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The problem addressed in this paper is that of DRM interoperability. The term DRM 
interoperability, as used here, refers to approaches that provide for the transfer, from one 
"upstream" DRM system to another "downstream" DRM system, of DRM protected content 
and an associated license. We introduce the concept of a Rights Issuer Module (RIM) that 
is functionally situated in the home network between the upstream device (which includes 
an upstream-DRM agent) and downstream devices (which each includ ... 

Keywords: MPEG-21, NEMO, copyright protection, coral, digital content, digital rights 
management, export, import, interoperability, open mobile alliance, security 
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Computer security protocols usually terminate in a computer; however, the human-based 
services which they support usually terminate in a human. The gap between the human 
and the computer creates potential for security problems. We examine this gap, as it is 
manifested in secure Web servers. Felten et al. demonstrated the potential, in 1996, for 
malicious servers to impersonate honest servers. In this paper, we show how malicious 
servers can still do this— and can also forge the existence of an ... 
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We describe a model of self-administering data. In this model, a declarative description of 
how a data object should behave is attached to the object, either by a user or by a data 
input device. A widespread infrastructure of self-administering data handlers is presumed 
to exist; these handlers are responsible for carrying out the specifications attached to the 
data. Typically, the specifications express how and to whom the data should be 
transferred, how it should be incorporated when it i ... 

Keywords: asynchonous collaboration, data access model, data management, distributed 
file system, file sharing, peer to peer, scalable update propagation, self-administering 
data 
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As part of the Lancaster GUIDE II project, we have developed a novel wireless access 
point protocol designed to support the development of next generation mobile context- 
aware applications in our local environs. Once deployed, this architecture will allow 
ordinary citizens secure, accountable and convenient access to a set of tailored 
applications including location, multimedia and context based services, and the public 
Internet. Our architecture utilises packet marking and network level packet ... 

Keywords: authentication, mobile IPv6, public access point, security, wireless Internet 
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Recovery from intrusions is typically a very time-consuming operation in current systems. 
At a time when the cost of human resources dominates the cost of computing resources, 
we argue that next generation systems should be built with automated intrusion recovery 
as a primary goal. In this paper, we describe the design of Taser, a system that helps in 
selectively recovering legitimate file-system data after an attack or local damage occurs. 
Taser reverts tainted, i.e. attack-dependent, file-syst ... 

Keywords: file systems, intrusion analysis, intrusion recovery, snapshots 
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